Consolidating information to the EventSentry database

Requesting Data (Step 3 of 5)

Setting up EventSentry to write to the database


For the web reports to be of value, EventSentry needs to be set up to write data (event log records, performance data, logon data, etc.) to your database. In our example we are using Microsoft SQL Server and have already named it Primary Database in the Actions section of the EventSentry Management Console.


Now that our database Action is set up, we need to tell EventSentry which information we would like logged to the database.


Start by configuring a filter to consolidate event log records to the database. A package included with EventSentry, called Database Consolidation, already does this. Ensure that the package is enabled, is assigned to your hosts, and has your Primary Database action selected in the Actions list. If you no longer have this package, the following is an example of how to create a filter that writes events to the database.

Creating a Consolidation filter


This example filter is currently set to forward all Information, Warning, Error, and Audit Failure events that occur in the Application, Security, or System event logs to our Primary Database connection. This will provide event information to the web reports. You might want to create a separate filter to include Audit Success events (select only the Security log checkbox and the Audit Success checkbox) if you have disk space on the database server for all of the successful logon and network connection events to be written to the database. Alternatively, you can set up exclude filters to keep certain events from being written to the database.
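Before adding the separate Audit Success filter, it helps to measure how many events a host actually produces. The following PowerShell sketch is an added example, not part of EventSentry or this guide: it counts the last 24 hours of events per log and type on one host as a rough proxy for what the filter would forward. The 24-hour window and the helper name `Get-EventType` are assumptions.

```powershell
# Added example, not part of EventSentry. Run in an elevated prompt (the Security log requires it).
$since = (Get-Date).AddHours(-24)   # assumption: the last 24 hours are representative
$logs  = 'Application', 'Security', 'System'

# Standard Windows keyword bits that mark audit events
$AuditFailure = 0x10000000000000
$AuditSuccess = 0x20000000000000

function Get-EventType {
    param($Record)   # hypothetical helper: maps an event record to a type name
    $kw = [long]$Record.Keywords
    if ($kw -band $AuditSuccess) { return 'Audit Success' }
    if ($kw -band $AuditFailure) { return 'Audit Failure' }
    switch ($Record.Level) {
        1       { 'Critical' }
        2       { 'Error' }
        3       { 'Warning' }
        default { 'Information' }   # level 4, or 0 (LogAlways)
    }
}

# Stream the events and tally them per "log|type" without holding them in memory
$counts = @{}
foreach ($log in $logs) {
    Get-WinEvent -FilterHashtable @{ LogName = $log; StartTime = $since } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $key = "$log|$(Get-EventType $_)"
            $counts[$key] = 1 + [long]$counts[$key]
        }
}

# Compare the types the example filter forwards with the optional Audit Success volume
$named = 'Information', 'Warning', 'Error', 'Audit Failure'
$base = 0; $success = 0
foreach ($e in $counts.GetEnumerator() | Sort-Object Key) {
    $log, $type = $e.Key -split '\|'
    '{0,-12} {1,-14} {2,10}' -f $log, $type, $e.Value
    if ($named -contains $type) { $base += $e.Value }
    elseif ($type -eq 'Audit Success') { $success += $e.Value }
}
"Events matching the example filter (24h): $base"
"Additional Audit Success events (24h):    $success"
```

Run it on a few representative hosts (a domain controller and a file server typically differ widely) and multiply by the number of monitored hosts before deciding whether to include Audit Success events or add exclude filters.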

Since EventSentry can also write useful health and tracking information to the database, we will configure EventSentry to write that information to the database as well.

Setting Health and Tracking Packages

To configure health and tracking items to write to the database, you can assign the target to each individual item or to the package as a whole. The example below assigns the database action to each individual item.

Individual package assignment

To assign a database action to all tracking sub-features (e.g. process, print, account management), right-click the package, select Edit, and specify the target in the Overrides section as shown below.

Package assignment


After setting all System Health and Compliance Tracking package items to log to the database notifications target, be sure to Save and Update the Configuration on all the remote hosts.



  • Updated on: 2014-12-02
  • Skill Level: Intermediate